Lawmakers call for new restrictions on U.S. federal agency access to state biometric data

Several U.S. lawmakers are calling for regulations to govern the use of state databases for biometric facial recognition searches by Immigration and Customs Enforcement and other agencies, and investigations into the existing practices, The Washington Post reports.

The Post, which this week reported the discovery of numerous internal documents and emails on the use of state databases by federal agencies, also reports that the House Homeland Security Committee is likely to discuss rules for the technology’s use, which have also been discussed at a pair of recent congressional hearings, when it meets this week. The House Judiciary Committee has also asked ICE to brief it on the use of state driver’s license images, and is expected to ask the FBI to do so, according to a committee spokesperson.

Customs and Border Protection (CBP), the Transportation Safety Administration (TSA), the Secret Service, and NIST will participate in the Homeland Security Committee meeting.

According to Representative Jimmy Gomez (D-Calif.), the documents reported by the Post show “the urgent need for substantive federal safeguards on the use of facial recognition technology by law enforcement agencies,” Gomez told The Post in a statement. “With concern over the use of this technology striking chords with both House Democrats and Republicans, I think it’s safe to assume you’ll be seeing action on the issue in the near future.”

Representative Zoe Lofgren (D-Calif.) told the Post that the biometric searches are “a massive, unwarranted intrusion into the privacy rights of Americans by the federal government, done secretly and without authorization by law.” Democratic Senator Patrick J. Leahy (Vt.) Tweeted that Americans getting a driver’s license do not consent to surveillance, and the practice must stop.

The Homeland Security Committee’s top Republican Representative Mike D. Rogers (Ala.) told the Post in a statement that driver’s license photos “should be used in our fight against terrorists, criminals and violent international cartels.” Rather than hindering agencies’ access, Rogers says, lawmakers “should focus on making sure [the Department of Homeland Security] and other departments are using the most accurate and effective facial recognition technology available.”

A spokesperson for the Committee told The Hill that the newly revealed documents are likely to come up in the hearing.

Federal investigators have been granted access to databases from 21 states and the District of Columbia, and the FBI has access to more than 641 million facial images in various databases, according to records from the Government Accountability Office. How many scans have been performed in total is unknown, but more than 1,000 facial searches of Utah databases were performed by outside agencies between 2015 and 2017.

A letter signed by a coalition of more than 30 advocacy groups, led by the Electronic Privacy Information Center (EPIC), was sent to the Homeland Security Committee, calling for the Department of Homeland Security to suspend all uses of facial recognition, including its Biometric Entry/Exit program, to address a series of Constitutional and rights concerns.

Representatives from both sides of the aisle criticized the use of state databases without legislative approval in a House Committee on Oversight and Reform hearing last month, and Fight for the Future launched a national campaign calling for a ban on U.S. government use of facial biometrics this week.

European watchdogs catch the scent

Privacy authorities from European nations, meanwhile, have discussed new guidelines restricting facial recognition, and reclassifying facial recognition data as “biometric data,” representatives from two authorities told POLITICO. Biometric data is considered “sensitive data,” and as such required explicit consent for collection, a standard most police facial recognition deployments do not meet, according to the report.

The watchdogs will need to go through a full process, including public consultation, before finalizing any new rules. A spokesperson for the EU’s privacy regulator group, the European Data Protection Board, declined to comment to POLITICO.

UK Information Commissioner Elizabeth Denham has also warned police forces that facial recognition deployments are subject to GDPR, saying she is concerned about its threat to privacy, and that it is a high-priority area for the Information Commissioner’s Office (ICO), Computing reports.

Denham says that the ICO will publish guidance once the current trials by UK police are complete. In the meantime the commissioner advises police forces to ensure that data protection impact assessments are carried out for each trial, and submitted to the ICO for consideration, “appropriate policy documents” are produced to detail the deployments, and that software treats all people equally.

“Legitimate aims have been identified for the use of live facial recognition,” Denham said of her office’s investigation. “But there remain significant privacy and data protection issues that must be addressed, and I remain deeply concerned about the roll out of this technology.”